I am entering the field as a career change. I have been a producer/project manager of film and video for 12 years. I am starting school in a few weeks working towards a BS in Cybersecurity. My eventual goal is to earn a CEH. At the end of my program i will have the following certs:
I am not sure if i will need to maintain all these certifications, but I am wondering with this foundation how can i move into being prepared in 5 years to sit for my CEH? I am in interested in Management since my previous career dealt in that arena, but I wonder if a red hat or blue hat would be the best route. I'm still learning the jargon and such so please forgive me for my ignorance or misuse of terms.
In summery: I am a person that likes to "work in the trenches" to learn my way and gain insight for management roles, and my eventual goal is to earn my CEH. Do i stick with the SSCP or do i pursue a CISSP or CISM as a means to work toward my CEH?
Thank you in advance!
Interesting. What school are you going to?
WGU has a new program!
https://texas.wgu.edu/online_it_degrees/cybersecurity_information_assurance_bachelor_degree
Lascelles,
I'm an IT-Security Bachelor of Science WGU Alum. It was a great experience for me.
That being said, the CEH is a different kind of animal. The WGU program will lay lots of foundation in risk assessment and risk mitigation at the management level, but it definitely won't directly prepare you for the CEH. Think of it in this kind of analogy:
The the Bachelor of Science program at WGU is to the CEH like Film and Video production is to being a Daytime TV Stunt Man. You will end the program knowing where a CEH may be used, but not necessarily have the skill developed to be one yourself. In addition to the academics, you'll want to have cultivated some of the hands on skills applying the CEH methods, and maybe need to study or practice an additional few months for the CEH exam.
On the second part of your post:
White Hat - Jargon used to describe someone who conducts research into security concepts for the good of the community or customers; operating within defined contracts; and not utilizing illegal or fraudulent means.
Grey Hat - Jargon used to describe someone who conducts research into security concepts usually for the good of the community at large or for personal knowledge, and not necessarily limiting themselves to defined contractual terms or legal means.
Black Hat - Jargon used to describe someone who conducts research into security concepts for the purposes of realizing their usefulness in personal gain, often employing illegal or fraudulent means.
White Team - A security exercise group that controls or sets the condition for the exercise and limits the conduct of the other teams.
Blue Team - A security exercise group that acts as the computer network/system defender, provides temporary assistance or training to the defender, or temporarily augments the defender as if they are an organic asset to the defender.
Green Team - A security exercise group consisting of external resources available to the defender, such as business partners who may assist in the defense or may be able to provide additional information and logs to the defenders (e.g. an ISP, Cloud Provider, Business partner with directly connected IT systems).
Red Team - A security exercise group consisting of notional attackers attempting to evaluate or assess latent vulnerabilities and the strengths and weaknesses of the defenders incident response measures.
Nearly everyone starts off on the White Team (if you're a White Hat). The reason for this is that first that you are at the least risk of causing actual damage to your systems. You're not actually doing any configuration changes, or running any offensive programs. You'll get to learn both the defensive systems and their impacts to business operations, and through proper reporting learn the methods that the Red Team used. You'll also be coordinating or acting as the Green Team - which in its own way is a "light" version of the Blue Team.
Afterward, again nearly everyone moves to the Blue Team. This again is for the safety of the enterprise because you are limited in causing damage by your reactive measures as opposed to running offensive tools that could completely crash and corrupt your business systems. You may still do some of the basic CEH tasks as a Blue Team member, such as attempting to figure out what your exposure is short of actually attempting to exploit anything.
Very few people move to a Red Team. First, you need all of the knowledge of the Blue Team as far as what you should expect a defender to do, plus you need the knowledge and skill to actually select and customize exploits. The Blue Team is typically running signatures in their tools - not completely reverse engineering a piece of quarantined malware looking for a weakness. So the knowledge level is far deeper and broader at the Red Team. Second, your risk is significantly higher since you could cause fatal damage to your target if you make a boo boo by using a particularly harsh exploit. Third, the need for Red Teams is very limited - therefore there are very few opportunities to join them if at all. Fourth, the screening for a Red Team is typically very stringent because it takes considerable maturity to do this work for the purpose of grinding out detailed reports for a customer - as opposed to doing it to rub the Blue Team's nose in their failures.
Good luck and best wishes on your career!
Sincerely,
Eric B.
If your goal is "work in the trenches", you probably want to pursue CEH after you complete the program. If management is more your thing, CISSP or CISM would be a good goal. Not sure that pursuing both specialties has great benefit.
ITIL certification has a one-time testing fee, no annual fees and no CPE requirements.
(ISC)² and CompTIA certifications have a one-time testing fee, annual fees and CPE requirements.
Overall, with that set of certs, you will probably spend 60 hours per year on continuing professional education (CPE). It is common to be able to apply a given CPE opportunity to multiple certificates, especially if they come from the same organization . You will also have between $25 and $100 annually per certificate.
That's a lot of stuff you've listed there - ambitious goals - good for you. I would however advise you to not solely rely on these certificates or certificates in general - the theory, the certificates and all of that is really good, however my advise for you would be in parallel to that - try and find a job related to cybersecurity - begin your career in it - experience different stuff everyday, see how security fits in the nowadays world, understand the different security concepts - the controls that are out there - see for yourself how a firewall is deployed and configured - what value it provides, check virus samples - see how actually a malicious code works, understand the IPS/IDS/SIEM possibly by working with them - this way you would be much more capable to understand the material in the mentioned courses and be able to actually apply it in practice.
I have both CEH and CISSP and can assure you that even though we are talking security - both courses are really different - CEH is much more practical and straight-forward, CISSP is extremely holistic, touches all security aspects, gives you history and in the end - just draws a picture where all things makes sense... and makes you think - definitely. Any source of security knowledge (no matter which course/cert you would choose) would be very valuable for you but as I said previously - try and put yourself in a security environment, read about Stuxnet, about Snowden, see real-life security stuff - this would definitely help you immensely with this challenge. BRAVO for choosing security 🙂